How to block your (or open someone) Java code GREG travis Date: 2002-12-25 10:07:21
Java code anti-compilation and fuzzy processing of GregTravis (mito@panix.com) Free programmer, New York May 2001
Whether it is to modify the code in many online open source libraries, or call the common operating system routine, you can't spend some time to figure out the code you have not written, and you may not have the source file of these code. When you start debugging the code, you need a good Java anti-compiler and understand the technology that is correctly used. At the same time, you must also know how to protect your own code is not peeked. To this end, you also need to understand the problem of code fuzzy processing. In this initiator guide on opening and blocking Java code, GregTravis uses the examples of the popular tools such as MoCha, Hosemocha, JMangle, and Jode, and will gradually teach you the basics of disassembly, anti-compilation and Java code fuzzy processing. . It is not more frustrated by no source code without finding an error. It is this reason that has led to the emergence of the Java anti-compiler, which can complete the compiled bytecode to the origin code. Although the code anti-compiler is not just for the Java language, it has never been disclosed or widely used as in Java developers.
Relative to the anti-compilation needle is blurred. Suppose the anti-compiler can easily obtain the source code from the compiled code, then protect your code and valuable technical secrets is not that simple. As the Java anti-compiler is generally used, Java fuzzy processors are also popular, and its role seems to put a smoke button in front of your code. Anti-compilation and fuzzy treatment has attracted a debate in the field of commercial development - most of the debate is concentrated on Java language.
In this article, I will let you understand the specific processes of code anti-compilation and fuzzy processing, discuss the theoretical issues after these two technologies, and briefly talk about their debate caused in business programming. I will also introduce some more famous anti-compilers and fuzzy processors (with commercial, open source), and use them with the in-depth use of the article to create some instances.
What is anti-compilation? Reflexibility is a process of converting a target code into a source code. This should be very clear because compiling is a process of converting source code into a target code. But what is the target code? A generally definition is that the target code is a code represented by the language, which can be performed directly through an enormous or virtual machine. For languages like C, the target code is typically running on the hardware CPU, while the Java target code is usually running on the virtual machine.
Reflexo is difficult as described above, and the anti-compilation is relatively simple, but it is actually very difficult - from essentially, it is included in the small size, low-level behavior to infer the large scale High level behavior. In order to have an intuitive understanding, we regard a computer program as a complex company organizational structure. High-level managers have reached their subordinates to "maximize technology production capacity" commands, and the subordinates turn these commands into more specific actions, such as installing new XML databases.
As a new employee of the company, you may ask what he or she is doing, and get answering, "I am installing a new XML database." From this sentence, you can't infer its ultimate goal is the biggest Experience how technology production capacity is improved. After all, the ultimate goal is not the same, for example, may be data that separate the supply chain or accumulate consumers.
However, if you belong to those who are curious, you may ask a few questions and let the affiliates from different levels of the company answered your question. Finally, when all the answers are summarized, you may guess that the greater goal is to maximize technology production capacity.
If you look at the computer program as a organizational structure similar to a company, then the anti-compile code is not irrelevant, the above will give you a direct feeling. From the perspective of comparison, this is to reference the outstanding researcher Cristinacifuentes in this area to describe the description of the anti-compilation process: any binary renovation project requires disassembly of code stored in the binary file. In theory, the data and code separated on Vonneumann are like shutdown issues, so complete static translation is impossible. However, in fact, different techniques can be used to improve the proportion of code that can be static translated, or take dynamic translation techniques that can be used in operation. - "BinaryReengineeringOfDistributedObjectTechnology" (see Resources)
Converting the target code into a source code is not the only problem that I encountered during the anti-compile. A Java class file potential contains some different types of information. It is important to know which type of information that may contain in the class file is important for understanding how you use this information and how it works for information. This is actually what Java reverse editor is required.
It is not very important that the true binary format of the Java class file is not important. What is important is to know which different kinds of information have been included in those bytes. In this step, we will take advantage of the tool - Javap with most JDK. Javap is a Java code disassembly, which is different from the anti-compiler. The reverse instrument converts the target code of the machine readable format (as shown in Listing 1) into readable code (as shown in Listing 2).
Original Listing 1. A class file 0000000fecabeba03002d0042000008081f3400 00000200008073f2c0000070735360000070737 0000040380000070a3904001500000a00070a15 000006008001600000a00080a17080018000009 ...
Listing 2.Javap Output LOCALVARIABLESFORMETHODVOIDPRIV (INT) FOTHISPC = 0, Length = 35, slot = 0 INTARGUMENTPC = 0, Length = 35, Slot = 1
Methodvoidmain (java.lang.string "0New # 4 3Invokeespecial # 10 6Return
Note that the list 2 is not the source code. The first part of this list lists the local variables of the method; the second part is assembly code, which is also a readable target code.
Elements in a class file Javap is used to negate assembly or unpack a class file. Here is the information contained in the Java class file that can be reversed by using Javap:
Member variables. Each class file contains all name information and type information corresponding to each data member of the class.
After disassembly method. Each method of the class is represented by a string of virtual machine commands and came with its type sign.
Line number. Each section in each method is mapped to the source code row, where possible, source code rows to generate a section. This allows real-time systems and debuggers to provide stack tracking for programs running.
Once the local variable name is compiled, the local variable of this method does not need to be named, but can contain them by using the -g option to the Javac compiler. This also makes real-time systems and debuggers help you.
Since the internal situation of the Java class file has been understood, let's take a look at how to convert this information to achieve our goal.
Using the anti-compiler is conceptually, the anti-compiler is very simple. He is to use the compiler to use: You give it .class file, it will give you a source code file.
Some comparison new anti-compilers have a delicate graphical interface. However, in the example, we will use Mocha, which is the first publicly available anti-compiler. In the end of this article, I will discuss a newer anti-compiler in GPL. (See Resources, download MOCHA and get a list of Java anti-compiler.) Let us assume that there is a class file called foo.class in the directory. Using MoCha, it is very simple to compile, as long as you type the following command:
$ javamocha.decompilerfoo.class
This generates a new file called foo.mocha (Mocha uses foo.mocha this name to avoid the source code of the original file). This new file is the source file of Java, and if everything goes well, you can compile it normally. Just rename it to foo.java can start.
But there is a problem here: If you run Mocha on some code you already have change, you will notice that the code and source code it generate is not exactly the same. I will give an example so you can understand what I mean. The original source code shown in Listing 3 is a test program from a foo.java.
Listing 3. Foo.java's a small part of the original source code
PrivateInTmember = 10;
PUBLICFOO () {Intlocal = returnteger (); system.out.println ("fooconstructor"); priv (local);}
The following is the code generated by Mocha
Listing 4. Mocha Source Codes Generated by Foo.java
PrivateInTmember;
Publicfoo () {member = 10; intlocal = returnteger (); system.out.println ("fooconstructor"); priv (local);}
The member variable of the two codes of code Member is initialized to 10. In the original source code, it is expressed as an initial value in the same line of the declaration, and in the retrograde source code, it is represented as an assignment statement in one constructor. The anti-compiletable code tells us some ways to be compiled by the source code; that is, its initial value is compiled as the assignment in the constructor. By observing the results of anti-compilation, you can learn how many Java compilers work.
Difficulties are difficult: Continue to repeat Although MOCHA can independence your target code, it will not always succeed. Due to difficulties, there is no anti-compiler to translate export code accurately, and each reverse compiler processes their vulnerabilities in the translation process. For example, MoCHA sometimes has some problems in the structure of an accurate cycle structure. If this is true, it uses a pseudo GOTO statement in the final output, as shown in Listing 5.
Listing 5. Mocha cannot be accurately refactored
if (i1 == i3) goto214else138; j3 = getSegment (i3) .getZOrder (); if (! j1 = 1) goto177else154; if (j3> k2 && (k1 || j3expression0 if (j3j2)) goto203else196;! expression0 if = = GOTO201 Continue; I2 = i3;
The problem of moving Mocha does not talk, the anti-compiler is typically translated out the source code in general. Once you know the weakness of an anti-compiler, you can manually analyze and convert anti-compilation code so that they can comply with the original source code more accurately. As the anti-compiler is becoming more and more excellent, we have encountered another problem: if you don't want anyone to compile your code, what should I do?
Although the anti-compilation and the threat to safety, most of the code is completely high, but the fact is one of the necessary tools for software infringement. Because of this, especially for developers in the field of business and non-open source code, the existence of cheap (or free) Java code disassemble tool is a serious problem. In terms of language itself, Java code is very easy to disassemble due to its relatively simple Java virtual machine (compared to true microprocessors) and its very standardized byte format. And this has become a lot of controversies in the field of commercial development. Since the first release of Mocha in 1996, some companies and individuals who have been investing in their source code have been quarriage to the Java anti-compiler.
In fact, when Mocha is first released, its author Hanpetervanvliet has been threatened by some companies' litigation (see Referring). At first, he removed the anti-compiler from his website, but he later provided a better solution in Crema's form. CREMA is a Java fuzzy processor that is completely opposite to MOCHA.
Since the release of Crema, many Java fuzzy processors have begun, some of which are commercial, and some are open source. As you can see, a good Java fuzzy processor can protect your Java code to a large extent.
Pattern relative code fuzzy processing code fuzzy treatment The meaning of the literal is ambiguity to deal with your code. The Java fuzzy processor changes the program with a non-spot method, so that its operation is exactly the same, but it makes people trying to understand the program more confusing.
Let's take a look at what is the case where the reverse program encounters the code after fuzzy treatment. Listing 6 shows the results of the Java code that MOCHA attempts to disassemble the Java code called JMangle's fuzzy processing. Please note that the following short programs and we are using the same in the previous list, although at first glance, you will definitely think so.
Listing 6. The code publicfoo () {JM2 = 10; INTI = JM0 (); system.out.println; JM1 (i);}
The fuzzy processor like JMangle converts many variable names and method names (sometimes even the names of the class name and package) into unspecified strings. This makes it difficult to read the program, but for JVM, it is the same in nature and the original program.
It is not just that the labels are meaningless to make the markers, but they are not only these. The reason why Crema is notorious is because it has used many despicable means to prevent disassembly, and there are many fuzzy processors that have already appeared, they have followed it.
A commonly used fuzzy processing code is to replace the tags in the class file with an illegal string, which is more step more than using the meaningless string. Alternatively, it is possible to be a keyword, such as private, or even like *** meaningless tags. Some virtual machines - especially in the browser - these weird orders do not make legal reactions. It is technically said that a variable = such variable is opposite to Java's specifications; some virtual machines can ignore it, while others cannot be like this.
Crema placed bomb Press literally, and another policy used by CREMA is a bomb. CREMA has the ability to completely shut down MoCha. It adds a small "bomb" in the compiled code, causing Mocha to crash when trying to refine the code.
Unfortunately, CREMA has not been, but there is a tool called Hosemocha is designed to close MoCha. In order to understand how Hosemocha is working, we will use Java, this trusted contusurtor. Listing 7 shows the code before the Hosemocha placed the bomb. Listing 7. Put the code before the bomb Methodvoidmain (java.lang.string []) 0NEW # 4 3InvokeSpecial # 10 6Return
The following is the code after HosemoCha.
Listing 8. Code after placing the bomb Methodvoidmain (java.lang.string []) 0NEW # 4 3InvokeSpecial # 10 6Return 7Pop
Do you see the bomb? Please note that this program has a POP statement after returning. Wait a minute - do you still do it after returning? Obviously, it can't, and this is the key. After returning a statement, put a instruction to ensure it will not be executed. What you see here is that it is impossible to be disassembled. Because it does not correspond to any possible Java source code, there is no meaning.
But why can this little obstacle can cause MOCHA crash? Mocha can simply ignore it, or send a warning message and continue. Although MoCHA's vulnerability of such bombs can be considered a program error, it is more likely to be deliberately set by Vanvliet in order to respond to MoCha attack.
To this end, we have learned that older disassembly tools and fuzzy treatment tools - although it is a bit outdated, it is more excellent. However, similar tools have become more mature in these years, especially in the graphical interface. In the end of this article, let's take a look at a newer reverse system, just let you have a general concept.
New members in this area have become more complicated in the past five years, but also more complicated technology, but also the interface of these tools. In recent contusons, there are a few directory that allows you to browse .class files and you can make disassembled.
Jode (Java optimization and anti-compilation environment) is such a program. Type the .jar file in the command line, Jode will allow you to map its classes and automatically disassemble each class to let you view. This specifically helps find source code through the library provided by JavaSDK. Simply type the following command:
$ javajode.swingui.main - classpath [pattoyourjavasdk] /jre/lib/rt.jar
You will get a complete translation of the file as shown in Figure 1. Figure 1.Jode: An antiboligulator [img] http://www-900.ibm.com/developerworks/cn/java/J-OBFUS/Jode.gif [/ img]
Conclusion Whether you choose to use a classic tool like MoCha or Hosemocha or to study the updated tools, you should use this article as a starting point for you to learn Java disassembly and fuzzy treatment. Here, please browse many of the links provided in the reference materials, try to use some of these tools and prepare for the continuous improvement of your own technology. Despite many controversy, disassembly and fuzzy technologies still exist, and will only become more mature and perfect in the next few years.
Ayuan
9CBS certified blog expert
Blog expert
Huawei old employees
Big Data
More than ten years, in Huawei, Internet Corporation's experience, profound understanding and practical experience in CRM, big data, mainly sharing various project experience, including architecture, Java, big data and other articles
